@azure/msal-common 15.2.1 → 15.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/account/AccountInfo.mjs +1 -1
- package/dist/account/AuthToken.mjs +1 -1
- package/dist/account/CcsCredential.mjs +1 -1
- package/dist/account/ClientInfo.mjs +1 -1
- package/dist/account/TokenClaims.mjs +1 -1
- package/dist/authority/Authority.mjs +3 -3
- package/dist/authority/Authority.mjs.map +1 -1
- package/dist/authority/AuthorityFactory.mjs +1 -1
- package/dist/authority/AuthorityMetadata.mjs +1 -1
- package/dist/authority/AuthorityOptions.mjs +1 -1
- package/dist/authority/AuthorityType.mjs +1 -1
- package/dist/authority/CloudInstanceDiscoveryErrorResponse.mjs +1 -1
- package/dist/authority/CloudInstanceDiscoveryResponse.mjs +1 -1
- package/dist/authority/OpenIdConfigResponse.mjs +1 -1
- package/dist/authority/ProtocolMode.d.ts +11 -0
- package/dist/authority/ProtocolMode.d.ts.map +1 -1
- package/dist/authority/ProtocolMode.mjs +12 -1
- package/dist/authority/ProtocolMode.mjs.map +1 -1
- package/dist/authority/RegionDiscovery.mjs +1 -1
- package/dist/cache/CacheManager.mjs +1 -1
- package/dist/cache/entities/AccountEntity.mjs +4 -4
- package/dist/cache/entities/AccountEntity.mjs.map +1 -1
- package/dist/cache/persistence/TokenCacheContext.mjs +1 -1
- package/dist/cache/utils/CacheHelpers.mjs +1 -1
- package/dist/client/AuthorizationCodeClient.d.ts +0 -31
- package/dist/client/AuthorizationCodeClient.d.ts.map +1 -1
- package/dist/client/AuthorizationCodeClient.mjs +41 -246
- package/dist/client/AuthorizationCodeClient.mjs.map +1 -1
- package/dist/client/BaseClient.d.ts.map +1 -1
- package/dist/client/BaseClient.mjs +9 -10
- package/dist/client/BaseClient.mjs.map +1 -1
- package/dist/client/RefreshTokenClient.d.ts.map +1 -1
- package/dist/client/RefreshTokenClient.mjs +27 -29
- package/dist/client/RefreshTokenClient.mjs.map +1 -1
- package/dist/client/SilentFlowClient.mjs +1 -1
- package/dist/config/ClientConfiguration.mjs +1 -1
- package/dist/constants/AADServerParamKeys.d.ts +3 -0
- package/dist/constants/AADServerParamKeys.d.ts.map +1 -1
- package/dist/constants/AADServerParamKeys.mjs +6 -3
- package/dist/constants/AADServerParamKeys.mjs.map +1 -1
- package/dist/crypto/ICrypto.mjs +1 -1
- package/dist/crypto/JoseHeader.mjs +1 -1
- package/dist/crypto/PopTokenGenerator.mjs +1 -1
- package/dist/error/AuthError.mjs +1 -1
- package/dist/error/AuthErrorCodes.mjs +1 -1
- package/dist/error/CacheError.mjs +1 -1
- package/dist/error/CacheErrorCodes.mjs +1 -1
- package/dist/error/ClientAuthError.mjs +1 -1
- package/dist/error/ClientAuthErrorCodes.mjs +1 -1
- package/dist/error/ClientConfigurationError.mjs +1 -1
- package/dist/error/ClientConfigurationErrorCodes.mjs +1 -1
- package/dist/error/InteractionRequiredAuthError.mjs +1 -1
- package/dist/error/InteractionRequiredAuthErrorCodes.mjs +1 -1
- package/dist/error/JoseHeaderError.mjs +1 -1
- package/dist/error/JoseHeaderErrorCodes.mjs +1 -1
- package/dist/error/NetworkError.mjs +1 -1
- package/dist/error/ServerError.mjs +1 -1
- package/dist/exports-common.d.ts +4 -3
- package/dist/exports-common.d.ts.map +1 -1
- package/dist/index-browser.mjs +6 -3
- package/dist/index-browser.mjs.map +1 -1
- package/dist/index-node.mjs +6 -3
- package/dist/index-node.mjs.map +1 -1
- package/dist/index.mjs +6 -3
- package/dist/index.mjs.map +1 -1
- package/dist/logger/Logger.mjs +1 -1
- package/dist/network/INetworkModule.mjs +1 -1
- package/dist/network/RequestThumbprint.mjs +1 -1
- package/dist/network/ThrottlingUtils.mjs +1 -1
- package/dist/packageMetadata.d.ts +1 -1
- package/dist/packageMetadata.mjs +2 -2
- package/dist/protocol/Authorize.d.ts +37 -0
- package/dist/protocol/Authorize.d.ts.map +1 -0
- package/dist/protocol/Authorize.mjs +237 -0
- package/dist/protocol/Authorize.mjs.map +1 -0
- package/dist/request/AuthenticationHeaderParser.mjs +1 -1
- package/dist/request/CommonAuthorizationUrlRequest.d.ts +3 -2
- package/dist/request/CommonAuthorizationUrlRequest.d.ts.map +1 -1
- package/dist/request/RequestParameterBuilder.d.ts +211 -219
- package/dist/request/RequestParameterBuilder.d.ts.map +1 -1
- package/dist/request/RequestParameterBuilder.mjs +364 -370
- package/dist/request/RequestParameterBuilder.mjs.map +1 -1
- package/dist/request/RequestValidator.mjs +1 -1
- package/dist/request/ScopeSet.mjs +1 -1
- package/dist/response/AuthorizeResponse.d.ts +76 -0
- package/dist/response/AuthorizeResponse.d.ts.map +1 -0
- package/dist/response/ResponseHandler.d.ts +0 -8
- package/dist/response/ResponseHandler.d.ts.map +1 -1
- package/dist/response/ResponseHandler.mjs +2 -49
- package/dist/response/ResponseHandler.mjs.map +1 -1
- package/dist/telemetry/performance/PerformanceClient.mjs +1 -1
- package/dist/telemetry/performance/PerformanceEvent.d.ts +6 -2
- package/dist/telemetry/performance/PerformanceEvent.d.ts.map +1 -1
- package/dist/telemetry/performance/PerformanceEvent.mjs +15 -11
- package/dist/telemetry/performance/PerformanceEvent.mjs.map +1 -1
- package/dist/telemetry/performance/StubPerformanceClient.mjs +1 -1
- package/dist/telemetry/server/ServerTelemetryManager.mjs +1 -1
- package/dist/url/UrlString.mjs +1 -1
- package/dist/utils/ClientAssertionUtils.mjs +1 -1
- package/dist/utils/Constants.d.ts +11 -5
- package/dist/utils/Constants.d.ts.map +1 -1
- package/dist/utils/Constants.mjs +13 -8
- package/dist/utils/Constants.mjs.map +1 -1
- package/dist/utils/FunctionWrappers.mjs +1 -1
- package/dist/utils/ProtocolUtils.mjs +1 -1
- package/dist/utils/StringUtils.mjs +1 -1
- package/dist/utils/TimeUtils.mjs +1 -1
- package/dist/utils/UrlUtils.d.ts +6 -2
- package/dist/utils/UrlUtils.d.ts.map +1 -1
- package/dist/utils/UrlUtils.mjs +13 -2
- package/dist/utils/UrlUtils.mjs.map +1 -1
- package/lib/index-browser.cjs +4 -2
- package/lib/index-browser.cjs.map +1 -1
- package/lib/{index-node--LMD5Re1.js → index-node-C56U0Gkp.js} +833 -777
- package/lib/index-node-C56U0Gkp.js.map +1 -0
- package/lib/index-node.cjs +4 -2
- package/lib/index-node.cjs.map +1 -1
- package/lib/index.cjs +4 -2
- package/lib/index.cjs.map +1 -1
- package/lib/types/authority/ProtocolMode.d.ts +11 -0
- package/lib/types/authority/ProtocolMode.d.ts.map +1 -1
- package/lib/types/client/AuthorizationCodeClient.d.ts +0 -31
- package/lib/types/client/AuthorizationCodeClient.d.ts.map +1 -1
- package/lib/types/client/BaseClient.d.ts.map +1 -1
- package/lib/types/client/RefreshTokenClient.d.ts.map +1 -1
- package/lib/types/constants/AADServerParamKeys.d.ts +3 -0
- package/lib/types/constants/AADServerParamKeys.d.ts.map +1 -1
- package/lib/types/exports-common.d.ts +4 -3
- package/lib/types/exports-common.d.ts.map +1 -1
- package/lib/types/packageMetadata.d.ts +1 -1
- package/lib/types/protocol/Authorize.d.ts +37 -0
- package/lib/types/protocol/Authorize.d.ts.map +1 -0
- package/lib/types/request/CommonAuthorizationUrlRequest.d.ts +3 -2
- package/lib/types/request/CommonAuthorizationUrlRequest.d.ts.map +1 -1
- package/lib/types/request/RequestParameterBuilder.d.ts +211 -219
- package/lib/types/request/RequestParameterBuilder.d.ts.map +1 -1
- package/lib/types/response/AuthorizeResponse.d.ts +76 -0
- package/lib/types/response/AuthorizeResponse.d.ts.map +1 -0
- package/lib/types/response/ResponseHandler.d.ts +0 -8
- package/lib/types/response/ResponseHandler.d.ts.map +1 -1
- package/lib/types/telemetry/performance/PerformanceEvent.d.ts +6 -2
- package/lib/types/telemetry/performance/PerformanceEvent.d.ts.map +1 -1
- package/lib/types/utils/Constants.d.ts +11 -5
- package/lib/types/utils/Constants.d.ts.map +1 -1
- package/lib/types/utils/UrlUtils.d.ts +6 -2
- package/lib/types/utils/UrlUtils.d.ts.map +1 -1
- package/package.json +1 -1
- package/src/authority/Authority.ts +2 -2
- package/src/authority/ProtocolMode.ts +11 -0
- package/src/cache/entities/AccountEntity.ts +3 -3
- package/src/client/AuthorizationCodeClient.ts +84 -395
- package/src/client/BaseClient.ts +20 -12
- package/src/client/RefreshTokenClient.ts +60 -30
- package/src/constants/AADServerParamKeys.ts +3 -0
- package/src/exports-common.ts +5 -2
- package/src/packageMetadata.ts +1 -1
- package/src/protocol/Authorize.ts +409 -0
- package/src/request/CommonAuthorizationUrlRequest.ts +3 -2
- package/src/request/RequestParameterBuilder.ts +516 -545
- package/src/response/AuthorizeResponse.ts +80 -0
- package/src/response/ResponseHandler.ts +0 -98
- package/src/telemetry/performance/PerformanceEvent.ts +14 -11
- package/src/utils/Constants.ts +14 -6
- package/src/utils/UrlUtils.ts +19 -4
- package/dist/response/ServerAuthorizationCodeResponse.d.ts +0 -27
- package/dist/response/ServerAuthorizationCodeResponse.d.ts.map +0 -1
- package/lib/index-node--LMD5Re1.js.map +0 -1
- package/lib/types/response/ServerAuthorizationCodeResponse.d.ts +0 -27
- package/lib/types/response/ServerAuthorizationCodeResponse.d.ts.map +0 -1
- package/src/response/ServerAuthorizationCodeResponse.ts +0 -34
|
@@ -4,7 +4,6 @@
|
|
|
4
4
|
*/
|
|
5
5
|
|
|
6
6
|
import {
|
|
7
|
-
Constants,
|
|
8
7
|
ResponseMode,
|
|
9
8
|
CLIENT_INFO,
|
|
10
9
|
AuthenticationScheme,
|
|
@@ -13,6 +12,7 @@ import {
|
|
|
13
12
|
OIDC_DEFAULT_SCOPES,
|
|
14
13
|
ThrottlingConstants,
|
|
15
14
|
HeaderNames,
|
|
15
|
+
OAuthResponseType,
|
|
16
16
|
} from "../utils/Constants.js";
|
|
17
17
|
import * as AADServerParamKeys from "../constants/AADServerParamKeys.js";
|
|
18
18
|
import { ScopeSet } from "./ScopeSet.js";
|
|
@@ -21,7 +21,6 @@ import {
|
|
|
21
21
|
ClientConfigurationErrorCodes,
|
|
22
22
|
} from "../error/ClientConfigurationError.js";
|
|
23
23
|
import { StringDict } from "../utils/MsalTypes.js";
|
|
24
|
-
import { RequestValidator } from "./RequestValidator.js";
|
|
25
24
|
import {
|
|
26
25
|
ApplicationTelemetry,
|
|
27
26
|
LibraryInfo,
|
|
@@ -30,11 +29,11 @@ import { ServerTelemetryManager } from "../telemetry/server/ServerTelemetryManag
|
|
|
30
29
|
import { ClientInfo } from "../account/ClientInfo.js";
|
|
31
30
|
import { IPerformanceClient } from "../telemetry/performance/IPerformanceClient.js";
|
|
32
31
|
|
|
33
|
-
function instrumentBrokerParams(
|
|
32
|
+
export function instrumentBrokerParams(
|
|
34
33
|
parameters: Map<string, string>,
|
|
35
34
|
correlationId?: string,
|
|
36
35
|
performanceClient?: IPerformanceClient
|
|
37
|
-
) {
|
|
36
|
+
): void {
|
|
38
37
|
if (!correlationId) {
|
|
39
38
|
return;
|
|
40
39
|
}
|
|
@@ -53,611 +52,583 @@ function instrumentBrokerParams(
|
|
|
53
52
|
}
|
|
54
53
|
}
|
|
55
54
|
|
|
56
|
-
/**
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
)
|
|
66
|
-
|
|
67
|
-
this.performanceClient = performanceClient;
|
|
68
|
-
this.correlationId = correlationId;
|
|
69
|
-
}
|
|
55
|
+
/**
|
|
56
|
+
* Add the given response_type
|
|
57
|
+
* @param parameters
|
|
58
|
+
* @param responseType
|
|
59
|
+
*/
|
|
60
|
+
export function addResponseType(
|
|
61
|
+
parameters: Map<string, string>,
|
|
62
|
+
responseType: OAuthResponseType
|
|
63
|
+
): void {
|
|
64
|
+
parameters.set(AADServerParamKeys.RESPONSE_TYPE, responseType);
|
|
65
|
+
}
|
|
70
66
|
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
67
|
+
/**
|
|
68
|
+
* add response_mode. defaults to query.
|
|
69
|
+
* @param responseMode
|
|
70
|
+
*/
|
|
71
|
+
export function addResponseMode(
|
|
72
|
+
parameters: Map<string, string>,
|
|
73
|
+
responseMode?: ResponseMode
|
|
74
|
+
): void {
|
|
75
|
+
parameters.set(
|
|
76
|
+
AADServerParamKeys.RESPONSE_MODE,
|
|
77
|
+
responseMode ? responseMode : ResponseMode.QUERY
|
|
78
|
+
);
|
|
79
|
+
}
|
|
80
80
|
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
encodeURIComponent(
|
|
88
|
-
`${Constants.TOKEN_RESPONSE_TYPE} ${Constants.ID_TOKEN_RESPONSE_TYPE}`
|
|
89
|
-
)
|
|
90
|
-
);
|
|
91
|
-
}
|
|
81
|
+
/**
|
|
82
|
+
* Add flag to indicate STS should attempt to use WAM if available
|
|
83
|
+
*/
|
|
84
|
+
export function addNativeBroker(parameters: Map<string, string>): void {
|
|
85
|
+
parameters.set(AADServerParamKeys.NATIVE_BROKER, "1");
|
|
86
|
+
}
|
|
92
87
|
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
88
|
+
/**
|
|
89
|
+
* add scopes. set addOidcScopes to false to prevent default scopes in non-user scenarios
|
|
90
|
+
* @param scopeSet
|
|
91
|
+
* @param addOidcScopes
|
|
92
|
+
*/
|
|
93
|
+
export function addScopes(
|
|
94
|
+
parameters: Map<string, string>,
|
|
95
|
+
scopes: string[],
|
|
96
|
+
addOidcScopes: boolean = true,
|
|
97
|
+
defaultScopes: Array<string> = OIDC_DEFAULT_SCOPES
|
|
98
|
+
): void {
|
|
99
|
+
// Always add openid to the scopes when adding OIDC scopes
|
|
100
|
+
if (
|
|
101
|
+
addOidcScopes &&
|
|
102
|
+
!defaultScopes.includes("openid") &&
|
|
103
|
+
!scopes.includes("openid")
|
|
104
|
+
) {
|
|
105
|
+
defaultScopes.push("openid");
|
|
102
106
|
}
|
|
107
|
+
const requestScopes = addOidcScopes
|
|
108
|
+
? [...(scopes || []), ...defaultScopes]
|
|
109
|
+
: scopes || [];
|
|
110
|
+
const scopeSet = new ScopeSet(requestScopes);
|
|
111
|
+
parameters.set(AADServerParamKeys.SCOPE, scopeSet.printScopes());
|
|
112
|
+
}
|
|
103
113
|
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
114
|
+
/**
|
|
115
|
+
* add clientId
|
|
116
|
+
* @param clientId
|
|
117
|
+
*/
|
|
118
|
+
export function addClientId(
|
|
119
|
+
parameters: Map<string, string>,
|
|
120
|
+
clientId: string
|
|
121
|
+
): void {
|
|
122
|
+
parameters.set(AADServerParamKeys.CLIENT_ID, clientId);
|
|
123
|
+
}
|
|
113
124
|
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
|
|
119
|
-
|
|
120
|
-
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
|
|
124
|
-
// Always add openid to the scopes when adding OIDC scopes
|
|
125
|
-
if (
|
|
126
|
-
addOidcScopes &&
|
|
127
|
-
!defaultScopes.includes("openid") &&
|
|
128
|
-
!scopes.includes("openid")
|
|
129
|
-
) {
|
|
130
|
-
defaultScopes.push("openid");
|
|
131
|
-
}
|
|
132
|
-
const requestScopes = addOidcScopes
|
|
133
|
-
? [...(scopes || []), ...defaultScopes]
|
|
134
|
-
: scopes || [];
|
|
135
|
-
const scopeSet = new ScopeSet(requestScopes);
|
|
136
|
-
this.parameters.set(
|
|
137
|
-
AADServerParamKeys.SCOPE,
|
|
138
|
-
encodeURIComponent(scopeSet.printScopes())
|
|
139
|
-
);
|
|
140
|
-
}
|
|
125
|
+
/**
|
|
126
|
+
* add redirect_uri
|
|
127
|
+
* @param redirectUri
|
|
128
|
+
*/
|
|
129
|
+
export function addRedirectUri(
|
|
130
|
+
parameters: Map<string, string>,
|
|
131
|
+
redirectUri: string
|
|
132
|
+
): void {
|
|
133
|
+
parameters.set(AADServerParamKeys.REDIRECT_URI, redirectUri);
|
|
134
|
+
}
|
|
141
135
|
|
|
142
|
-
|
|
143
|
-
|
|
144
|
-
|
|
145
|
-
|
|
146
|
-
|
|
147
|
-
|
|
148
|
-
|
|
149
|
-
|
|
150
|
-
|
|
151
|
-
|
|
136
|
+
/**
|
|
137
|
+
* add post logout redirectUri
|
|
138
|
+
* @param redirectUri
|
|
139
|
+
*/
|
|
140
|
+
export function addPostLogoutRedirectUri(
|
|
141
|
+
parameters: Map<string, string>,
|
|
142
|
+
redirectUri: string
|
|
143
|
+
): void {
|
|
144
|
+
parameters.set(AADServerParamKeys.POST_LOGOUT_URI, redirectUri);
|
|
145
|
+
}
|
|
152
146
|
|
|
153
|
-
|
|
154
|
-
|
|
155
|
-
|
|
156
|
-
|
|
157
|
-
|
|
158
|
-
|
|
159
|
-
|
|
160
|
-
|
|
161
|
-
|
|
162
|
-
|
|
163
|
-
}
|
|
147
|
+
/**
|
|
148
|
+
* add id_token_hint to logout request
|
|
149
|
+
* @param idTokenHint
|
|
150
|
+
*/
|
|
151
|
+
export function addIdTokenHint(
|
|
152
|
+
parameters: Map<string, string>,
|
|
153
|
+
idTokenHint: string
|
|
154
|
+
): void {
|
|
155
|
+
parameters.set(AADServerParamKeys.ID_TOKEN_HINT, idTokenHint);
|
|
156
|
+
}
|
|
164
157
|
|
|
165
|
-
|
|
166
|
-
|
|
167
|
-
|
|
168
|
-
|
|
169
|
-
|
|
170
|
-
|
|
171
|
-
|
|
172
|
-
|
|
173
|
-
|
|
174
|
-
|
|
175
|
-
}
|
|
158
|
+
/**
|
|
159
|
+
* add domain_hint
|
|
160
|
+
* @param domainHint
|
|
161
|
+
*/
|
|
162
|
+
export function addDomainHint(
|
|
163
|
+
parameters: Map<string, string>,
|
|
164
|
+
domainHint: string
|
|
165
|
+
): void {
|
|
166
|
+
parameters.set(AADServerParamKeys.DOMAIN_HINT, domainHint);
|
|
167
|
+
}
|
|
176
168
|
|
|
177
|
-
|
|
178
|
-
|
|
179
|
-
|
|
180
|
-
|
|
181
|
-
|
|
182
|
-
|
|
183
|
-
|
|
184
|
-
|
|
185
|
-
|
|
186
|
-
|
|
169
|
+
/**
|
|
170
|
+
* add login_hint
|
|
171
|
+
* @param loginHint
|
|
172
|
+
*/
|
|
173
|
+
export function addLoginHint(
|
|
174
|
+
parameters: Map<string, string>,
|
|
175
|
+
loginHint: string
|
|
176
|
+
): void {
|
|
177
|
+
parameters.set(AADServerParamKeys.LOGIN_HINT, loginHint);
|
|
178
|
+
}
|
|
187
179
|
|
|
188
|
-
|
|
189
|
-
|
|
190
|
-
|
|
191
|
-
|
|
192
|
-
|
|
193
|
-
|
|
194
|
-
|
|
195
|
-
|
|
196
|
-
|
|
197
|
-
|
|
180
|
+
/**
|
|
181
|
+
* Adds the CCS (Cache Credential Service) query parameter for login_hint
|
|
182
|
+
* @param loginHint
|
|
183
|
+
*/
|
|
184
|
+
export function addCcsUpn(
|
|
185
|
+
parameters: Map<string, string>,
|
|
186
|
+
loginHint: string
|
|
187
|
+
): void {
|
|
188
|
+
parameters.set(HeaderNames.CCS_HEADER, `UPN:${loginHint}`);
|
|
189
|
+
}
|
|
198
190
|
|
|
199
|
-
|
|
200
|
-
|
|
201
|
-
|
|
202
|
-
|
|
203
|
-
|
|
204
|
-
|
|
205
|
-
|
|
206
|
-
|
|
207
|
-
|
|
208
|
-
|
|
191
|
+
/**
|
|
192
|
+
* Adds the CCS (Cache Credential Service) query parameter for account object
|
|
193
|
+
* @param loginHint
|
|
194
|
+
*/
|
|
195
|
+
export function addCcsOid(
|
|
196
|
+
parameters: Map<string, string>,
|
|
197
|
+
clientInfo: ClientInfo
|
|
198
|
+
): void {
|
|
199
|
+
parameters.set(
|
|
200
|
+
HeaderNames.CCS_HEADER,
|
|
201
|
+
`Oid:${clientInfo.uid}@${clientInfo.utid}`
|
|
202
|
+
);
|
|
203
|
+
}
|
|
209
204
|
|
|
210
|
-
|
|
211
|
-
|
|
212
|
-
|
|
213
|
-
|
|
214
|
-
|
|
215
|
-
|
|
216
|
-
|
|
217
|
-
encodeURIComponent(`UPN:${loginHint}`)
|
|
218
|
-
);
|
|
219
|
-
}
|
|
205
|
+
/**
|
|
206
|
+
* add sid
|
|
207
|
+
* @param sid
|
|
208
|
+
*/
|
|
209
|
+
export function addSid(parameters: Map<string, string>, sid: string): void {
|
|
210
|
+
parameters.set(AADServerParamKeys.SID, sid);
|
|
211
|
+
}
|
|
220
212
|
|
|
221
|
-
|
|
222
|
-
|
|
223
|
-
|
|
224
|
-
|
|
225
|
-
|
|
226
|
-
|
|
227
|
-
|
|
228
|
-
|
|
229
|
-
|
|
230
|
-
|
|
213
|
+
/**
|
|
214
|
+
* add claims
|
|
215
|
+
* @param claims
|
|
216
|
+
*/
|
|
217
|
+
export function addClaims(
|
|
218
|
+
parameters: Map<string, string>,
|
|
219
|
+
claims?: string,
|
|
220
|
+
clientCapabilities?: Array<string>
|
|
221
|
+
): void {
|
|
222
|
+
const mergedClaims = addClientCapabilitiesToClaims(
|
|
223
|
+
claims,
|
|
224
|
+
clientCapabilities
|
|
225
|
+
);
|
|
226
|
+
try {
|
|
227
|
+
JSON.parse(mergedClaims);
|
|
228
|
+
} catch (e) {
|
|
229
|
+
throw createClientConfigurationError(
|
|
230
|
+
ClientConfigurationErrorCodes.invalidClaims
|
|
231
|
+
);
|
|
232
|
+
}
|
|
233
|
+
parameters.set(AADServerParamKeys.CLAIMS, mergedClaims);
|
|
234
|
+
}
|
|
231
235
|
|
|
232
|
-
|
|
233
|
-
|
|
234
|
-
|
|
235
|
-
|
|
236
|
-
|
|
237
|
-
|
|
238
|
-
|
|
236
|
+
/**
|
|
237
|
+
* add correlationId
|
|
238
|
+
* @param correlationId
|
|
239
|
+
*/
|
|
240
|
+
export function addCorrelationId(
|
|
241
|
+
parameters: Map<string, string>,
|
|
242
|
+
correlationId: string
|
|
243
|
+
): void {
|
|
244
|
+
parameters.set(AADServerParamKeys.CLIENT_REQUEST_ID, correlationId);
|
|
245
|
+
}
|
|
239
246
|
|
|
240
|
-
|
|
241
|
-
|
|
242
|
-
|
|
243
|
-
|
|
244
|
-
|
|
245
|
-
|
|
246
|
-
|
|
247
|
-
|
|
248
|
-
|
|
249
|
-
|
|
250
|
-
|
|
251
|
-
|
|
252
|
-
|
|
253
|
-
);
|
|
247
|
+
/**
|
|
248
|
+
* add library info query params
|
|
249
|
+
* @param libraryInfo
|
|
250
|
+
*/
|
|
251
|
+
export function addLibraryInfo(
|
|
252
|
+
parameters: Map<string, string>,
|
|
253
|
+
libraryInfo: LibraryInfo
|
|
254
|
+
): void {
|
|
255
|
+
// Telemetry Info
|
|
256
|
+
parameters.set(AADServerParamKeys.X_CLIENT_SKU, libraryInfo.sku);
|
|
257
|
+
parameters.set(AADServerParamKeys.X_CLIENT_VER, libraryInfo.version);
|
|
258
|
+
if (libraryInfo.os) {
|
|
259
|
+
parameters.set(AADServerParamKeys.X_CLIENT_OS, libraryInfo.os);
|
|
254
260
|
}
|
|
255
|
-
|
|
256
|
-
|
|
257
|
-
* add correlationId
|
|
258
|
-
* @param correlationId
|
|
259
|
-
*/
|
|
260
|
-
addCorrelationId(correlationId: string): void {
|
|
261
|
-
this.parameters.set(
|
|
262
|
-
AADServerParamKeys.CLIENT_REQUEST_ID,
|
|
263
|
-
encodeURIComponent(correlationId)
|
|
264
|
-
);
|
|
261
|
+
if (libraryInfo.cpu) {
|
|
262
|
+
parameters.set(AADServerParamKeys.X_CLIENT_CPU, libraryInfo.cpu);
|
|
265
263
|
}
|
|
264
|
+
}
|
|
266
265
|
|
|
267
|
-
|
|
268
|
-
|
|
269
|
-
|
|
270
|
-
|
|
271
|
-
|
|
272
|
-
|
|
273
|
-
|
|
274
|
-
|
|
275
|
-
|
|
276
|
-
|
|
277
|
-
);
|
|
278
|
-
if (libraryInfo.os) {
|
|
279
|
-
this.parameters.set(AADServerParamKeys.X_CLIENT_OS, libraryInfo.os);
|
|
280
|
-
}
|
|
281
|
-
if (libraryInfo.cpu) {
|
|
282
|
-
this.parameters.set(
|
|
283
|
-
AADServerParamKeys.X_CLIENT_CPU,
|
|
284
|
-
libraryInfo.cpu
|
|
285
|
-
);
|
|
286
|
-
}
|
|
266
|
+
/**
|
|
267
|
+
* Add client telemetry parameters
|
|
268
|
+
* @param appTelemetry
|
|
269
|
+
*/
|
|
270
|
+
export function addApplicationTelemetry(
|
|
271
|
+
parameters: Map<string, string>,
|
|
272
|
+
appTelemetry: ApplicationTelemetry
|
|
273
|
+
): void {
|
|
274
|
+
if (appTelemetry?.appName) {
|
|
275
|
+
parameters.set(AADServerParamKeys.X_APP_NAME, appTelemetry.appName);
|
|
287
276
|
}
|
|
288
277
|
|
|
289
|
-
|
|
290
|
-
|
|
291
|
-
* @param appTelemetry
|
|
292
|
-
*/
|
|
293
|
-
addApplicationTelemetry(appTelemetry: ApplicationTelemetry): void {
|
|
294
|
-
if (appTelemetry?.appName) {
|
|
295
|
-
this.parameters.set(
|
|
296
|
-
AADServerParamKeys.X_APP_NAME,
|
|
297
|
-
appTelemetry.appName
|
|
298
|
-
);
|
|
299
|
-
}
|
|
300
|
-
|
|
301
|
-
if (appTelemetry?.appVersion) {
|
|
302
|
-
this.parameters.set(
|
|
303
|
-
AADServerParamKeys.X_APP_VER,
|
|
304
|
-
appTelemetry.appVersion
|
|
305
|
-
);
|
|
306
|
-
}
|
|
278
|
+
if (appTelemetry?.appVersion) {
|
|
279
|
+
parameters.set(AADServerParamKeys.X_APP_VER, appTelemetry.appVersion);
|
|
307
280
|
}
|
|
281
|
+
}
|
|
308
282
|
|
|
309
|
-
|
|
310
|
-
|
|
311
|
-
|
|
312
|
-
|
|
313
|
-
|
|
314
|
-
|
|
315
|
-
|
|
316
|
-
|
|
317
|
-
|
|
318
|
-
|
|
319
|
-
}
|
|
283
|
+
/**
|
|
284
|
+
* add prompt
|
|
285
|
+
* @param prompt
|
|
286
|
+
*/
|
|
287
|
+
export function addPrompt(
|
|
288
|
+
parameters: Map<string, string>,
|
|
289
|
+
prompt: string
|
|
290
|
+
): void {
|
|
291
|
+
parameters.set(AADServerParamKeys.PROMPT, prompt);
|
|
292
|
+
}
|
|
320
293
|
|
|
321
|
-
|
|
322
|
-
|
|
323
|
-
|
|
324
|
-
|
|
325
|
-
|
|
326
|
-
|
|
327
|
-
|
|
328
|
-
AADServerParamKeys.STATE,
|
|
329
|
-
encodeURIComponent(state)
|
|
330
|
-
);
|
|
331
|
-
}
|
|
294
|
+
/**
|
|
295
|
+
* add state
|
|
296
|
+
* @param state
|
|
297
|
+
*/
|
|
298
|
+
export function addState(parameters: Map<string, string>, state: string): void {
|
|
299
|
+
if (state) {
|
|
300
|
+
parameters.set(AADServerParamKeys.STATE, state);
|
|
332
301
|
}
|
|
302
|
+
}
|
|
333
303
|
|
|
334
|
-
|
|
335
|
-
|
|
336
|
-
|
|
337
|
-
|
|
338
|
-
|
|
339
|
-
|
|
340
|
-
|
|
341
|
-
encodeURIComponent(nonce)
|
|
342
|
-
);
|
|
343
|
-
}
|
|
304
|
+
/**
|
|
305
|
+
* add nonce
|
|
306
|
+
* @param nonce
|
|
307
|
+
*/
|
|
308
|
+
export function addNonce(parameters: Map<string, string>, nonce: string): void {
|
|
309
|
+
parameters.set(AADServerParamKeys.NONCE, nonce);
|
|
310
|
+
}
|
|
344
311
|
|
|
345
|
-
|
|
346
|
-
|
|
347
|
-
|
|
348
|
-
|
|
349
|
-
|
|
350
|
-
|
|
351
|
-
|
|
352
|
-
|
|
353
|
-
|
|
354
|
-
|
|
355
|
-
|
|
356
|
-
|
|
312
|
+
/**
|
|
313
|
+
* add code_challenge and code_challenge_method
|
|
314
|
+
* - throw if either of them are not passed
|
|
315
|
+
* @param codeChallenge
|
|
316
|
+
* @param codeChallengeMethod
|
|
317
|
+
*/
|
|
318
|
+
export function addCodeChallengeParams(
|
|
319
|
+
parameters: Map<string, string>,
|
|
320
|
+
codeChallenge?: string,
|
|
321
|
+
codeChallengeMethod?: string
|
|
322
|
+
): void {
|
|
323
|
+
if (codeChallenge && codeChallengeMethod) {
|
|
324
|
+
parameters.set(AADServerParamKeys.CODE_CHALLENGE, codeChallenge);
|
|
325
|
+
parameters.set(
|
|
326
|
+
AADServerParamKeys.CODE_CHALLENGE_METHOD,
|
|
357
327
|
codeChallengeMethod
|
|
358
328
|
);
|
|
359
|
-
|
|
360
|
-
|
|
361
|
-
|
|
362
|
-
encodeURIComponent(codeChallenge)
|
|
363
|
-
);
|
|
364
|
-
this.parameters.set(
|
|
365
|
-
AADServerParamKeys.CODE_CHALLENGE_METHOD,
|
|
366
|
-
encodeURIComponent(codeChallengeMethod)
|
|
367
|
-
);
|
|
368
|
-
} else {
|
|
369
|
-
throw createClientConfigurationError(
|
|
370
|
-
ClientConfigurationErrorCodes.pkceParamsMissing
|
|
371
|
-
);
|
|
372
|
-
}
|
|
373
|
-
}
|
|
374
|
-
|
|
375
|
-
/**
|
|
376
|
-
* add the `authorization_code` passed by the user to exchange for a token
|
|
377
|
-
* @param code
|
|
378
|
-
*/
|
|
379
|
-
addAuthorizationCode(code: string): void {
|
|
380
|
-
this.parameters.set(AADServerParamKeys.CODE, encodeURIComponent(code));
|
|
381
|
-
}
|
|
382
|
-
|
|
383
|
-
/**
|
|
384
|
-
* add the `authorization_code` passed by the user to exchange for a token
|
|
385
|
-
* @param code
|
|
386
|
-
*/
|
|
387
|
-
addDeviceCode(code: string): void {
|
|
388
|
-
this.parameters.set(
|
|
389
|
-
AADServerParamKeys.DEVICE_CODE,
|
|
390
|
-
encodeURIComponent(code)
|
|
391
|
-
);
|
|
392
|
-
}
|
|
393
|
-
|
|
394
|
-
/**
|
|
395
|
-
* add the `refreshToken` passed by the user
|
|
396
|
-
* @param refreshToken
|
|
397
|
-
*/
|
|
398
|
-
addRefreshToken(refreshToken: string): void {
|
|
399
|
-
this.parameters.set(
|
|
400
|
-
AADServerParamKeys.REFRESH_TOKEN,
|
|
401
|
-
encodeURIComponent(refreshToken)
|
|
329
|
+
} else {
|
|
330
|
+
throw createClientConfigurationError(
|
|
331
|
+
ClientConfigurationErrorCodes.pkceParamsMissing
|
|
402
332
|
);
|
|
403
333
|
}
|
|
334
|
+
}
|
|
404
335
|
|
|
405
|
-
|
|
406
|
-
|
|
407
|
-
|
|
408
|
-
|
|
409
|
-
|
|
410
|
-
|
|
411
|
-
|
|
412
|
-
|
|
413
|
-
|
|
414
|
-
|
|
336
|
+
/**
|
|
337
|
+
* add the `authorization_code` passed by the user to exchange for a token
|
|
338
|
+
* @param code
|
|
339
|
+
*/
|
|
340
|
+
export function addAuthorizationCode(
|
|
341
|
+
parameters: Map<string, string>,
|
|
342
|
+
code: string
|
|
343
|
+
): void {
|
|
344
|
+
parameters.set(AADServerParamKeys.CODE, code);
|
|
345
|
+
}
|
|
415
346
|
|
|
416
|
-
|
|
417
|
-
|
|
418
|
-
|
|
419
|
-
|
|
420
|
-
|
|
421
|
-
|
|
422
|
-
|
|
423
|
-
|
|
424
|
-
|
|
425
|
-
|
|
347
|
+
/**
|
|
348
|
+
* add the `authorization_code` passed by the user to exchange for a token
|
|
349
|
+
* @param code
|
|
350
|
+
*/
|
|
351
|
+
export function addDeviceCode(
|
|
352
|
+
parameters: Map<string, string>,
|
|
353
|
+
code: string
|
|
354
|
+
): void {
|
|
355
|
+
parameters.set(AADServerParamKeys.DEVICE_CODE, code);
|
|
356
|
+
}
|
|
426
357
|
|
|
427
|
-
|
|
428
|
-
|
|
429
|
-
|
|
430
|
-
|
|
431
|
-
|
|
432
|
-
|
|
433
|
-
|
|
434
|
-
|
|
435
|
-
|
|
436
|
-
|
|
437
|
-
}
|
|
438
|
-
}
|
|
358
|
+
/**
|
|
359
|
+
* add the `refreshToken` passed by the user
|
|
360
|
+
* @param refreshToken
|
|
361
|
+
*/
|
|
362
|
+
export function addRefreshToken(
|
|
363
|
+
parameters: Map<string, string>,
|
|
364
|
+
refreshToken: string
|
|
365
|
+
): void {
|
|
366
|
+
parameters.set(AADServerParamKeys.REFRESH_TOKEN, refreshToken);
|
|
367
|
+
}
|
|
439
368
|
|
|
440
|
-
|
|
441
|
-
|
|
442
|
-
|
|
443
|
-
|
|
444
|
-
|
|
445
|
-
|
|
446
|
-
|
|
447
|
-
|
|
448
|
-
|
|
449
|
-
|
|
450
|
-
}
|
|
451
|
-
}
|
|
369
|
+
/**
|
|
370
|
+
* add the `code_verifier` passed by the user to exchange for a token
|
|
371
|
+
* @param codeVerifier
|
|
372
|
+
*/
|
|
373
|
+
export function addCodeVerifier(
|
|
374
|
+
parameters: Map<string, string>,
|
|
375
|
+
codeVerifier: string
|
|
376
|
+
): void {
|
|
377
|
+
parameters.set(AADServerParamKeys.CODE_VERIFIER, codeVerifier);
|
|
378
|
+
}
|
|
452
379
|
|
|
453
|
-
|
|
454
|
-
|
|
455
|
-
|
|
456
|
-
|
|
457
|
-
|
|
458
|
-
|
|
459
|
-
|
|
460
|
-
|
|
461
|
-
|
|
462
|
-
|
|
380
|
+
/**
|
|
381
|
+
* add client_secret
|
|
382
|
+
* @param clientSecret
|
|
383
|
+
*/
|
|
384
|
+
export function addClientSecret(
|
|
385
|
+
parameters: Map<string, string>,
|
|
386
|
+
clientSecret: string
|
|
387
|
+
): void {
|
|
388
|
+
parameters.set(AADServerParamKeys.CLIENT_SECRET, clientSecret);
|
|
389
|
+
}
|
|
463
390
|
|
|
464
|
-
|
|
465
|
-
|
|
466
|
-
|
|
467
|
-
|
|
468
|
-
|
|
469
|
-
|
|
470
|
-
|
|
471
|
-
|
|
472
|
-
|
|
391
|
+
/**
|
|
392
|
+
* add clientAssertion for confidential client flows
|
|
393
|
+
* @param clientAssertion
|
|
394
|
+
*/
|
|
395
|
+
export function addClientAssertion(
|
|
396
|
+
parameters: Map<string, string>,
|
|
397
|
+
clientAssertion: string
|
|
398
|
+
): void {
|
|
399
|
+
if (clientAssertion) {
|
|
400
|
+
parameters.set(AADServerParamKeys.CLIENT_ASSERTION, clientAssertion);
|
|
473
401
|
}
|
|
402
|
+
}
|
|
474
403
|
|
|
475
|
-
|
|
476
|
-
|
|
477
|
-
|
|
478
|
-
|
|
479
|
-
|
|
480
|
-
|
|
481
|
-
|
|
482
|
-
|
|
404
|
+
/**
|
|
405
|
+
* add clientAssertionType for confidential client flows
|
|
406
|
+
* @param clientAssertionType
|
|
407
|
+
*/
|
|
408
|
+
export function addClientAssertionType(
|
|
409
|
+
parameters: Map<string, string>,
|
|
410
|
+
clientAssertionType: string
|
|
411
|
+
): void {
|
|
412
|
+
if (clientAssertionType) {
|
|
413
|
+
parameters.set(
|
|
414
|
+
AADServerParamKeys.CLIENT_ASSERTION_TYPE,
|
|
415
|
+
clientAssertionType
|
|
483
416
|
);
|
|
484
417
|
}
|
|
418
|
+
}
|
|
485
419
|
|
|
486
|
-
|
|
487
|
-
|
|
488
|
-
|
|
489
|
-
|
|
490
|
-
|
|
491
|
-
|
|
492
|
-
|
|
493
|
-
|
|
494
|
-
|
|
495
|
-
|
|
496
|
-
* @param eQParams
|
|
497
|
-
*/
|
|
498
|
-
addExtraQueryParameters(eQParams: StringDict): void {
|
|
499
|
-
Object.entries(eQParams).forEach(([key, value]) => {
|
|
500
|
-
if (!this.parameters.has(key) && value) {
|
|
501
|
-
this.parameters.set(key, value);
|
|
502
|
-
}
|
|
503
|
-
});
|
|
504
|
-
}
|
|
505
|
-
|
|
506
|
-
addClientCapabilitiesToClaims(
|
|
507
|
-
claims?: string,
|
|
508
|
-
clientCapabilities?: Array<string>
|
|
509
|
-
): string {
|
|
510
|
-
let mergedClaims: object;
|
|
511
|
-
|
|
512
|
-
// Parse provided claims into JSON object or initialize empty object
|
|
513
|
-
if (!claims) {
|
|
514
|
-
mergedClaims = {};
|
|
515
|
-
} else {
|
|
516
|
-
try {
|
|
517
|
-
mergedClaims = JSON.parse(claims);
|
|
518
|
-
} catch (e) {
|
|
519
|
-
throw createClientConfigurationError(
|
|
520
|
-
ClientConfigurationErrorCodes.invalidClaims
|
|
521
|
-
);
|
|
522
|
-
}
|
|
523
|
-
}
|
|
420
|
+
/**
|
|
421
|
+
* add OBO assertion for confidential client flows
|
|
422
|
+
* @param clientAssertion
|
|
423
|
+
*/
|
|
424
|
+
export function addOboAssertion(
|
|
425
|
+
parameters: Map<string, string>,
|
|
426
|
+
oboAssertion: string
|
|
427
|
+
): void {
|
|
428
|
+
parameters.set(AADServerParamKeys.OBO_ASSERTION, oboAssertion);
|
|
429
|
+
}
|
|
524
430
|
|
|
525
|
-
|
|
526
|
-
|
|
527
|
-
|
|
528
|
-
|
|
529
|
-
|
|
431
|
+
/**
|
|
432
|
+
* add grant type
|
|
433
|
+
* @param grantType
|
|
434
|
+
*/
|
|
435
|
+
export function addRequestTokenUse(
|
|
436
|
+
parameters: Map<string, string>,
|
|
437
|
+
tokenUse: string
|
|
438
|
+
): void {
|
|
439
|
+
parameters.set(AADServerParamKeys.REQUESTED_TOKEN_USE, tokenUse);
|
|
440
|
+
}
|
|
530
441
|
|
|
531
|
-
|
|
532
|
-
|
|
533
|
-
|
|
534
|
-
|
|
535
|
-
|
|
536
|
-
|
|
537
|
-
|
|
442
|
+
/**
|
|
443
|
+
* add grant type
|
|
444
|
+
* @param grantType
|
|
445
|
+
*/
|
|
446
|
+
export function addGrantType(
|
|
447
|
+
parameters: Map<string, string>,
|
|
448
|
+
grantType: string
|
|
449
|
+
): void {
|
|
450
|
+
parameters.set(AADServerParamKeys.GRANT_TYPE, grantType);
|
|
451
|
+
}
|
|
538
452
|
|
|
539
|
-
|
|
540
|
-
|
|
453
|
+
/**
|
|
454
|
+
* add client info
|
|
455
|
+
*
|
|
456
|
+
*/
|
|
457
|
+
export function addClientInfo(parameters: Map<string, string>): void {
|
|
458
|
+
parameters.set(CLIENT_INFO, "1");
|
|
459
|
+
}
|
|
541
460
|
|
|
542
|
-
|
|
543
|
-
|
|
544
|
-
|
|
545
|
-
*/
|
|
546
|
-
addUsername(username: string): void {
|
|
547
|
-
this.parameters.set(
|
|
548
|
-
PasswordGrantConstants.username,
|
|
549
|
-
encodeURIComponent(username)
|
|
550
|
-
);
|
|
461
|
+
export function addInstanceAware(parameters: Map<string, string>): void {
|
|
462
|
+
if (!parameters.has(AADServerParamKeys.INSTANCE_AWARE)) {
|
|
463
|
+
parameters.set(AADServerParamKeys.INSTANCE_AWARE, "true");
|
|
551
464
|
}
|
|
465
|
+
}
|
|
552
466
|
|
|
553
|
-
|
|
554
|
-
|
|
555
|
-
|
|
556
|
-
|
|
557
|
-
|
|
558
|
-
|
|
559
|
-
|
|
560
|
-
|
|
561
|
-
|
|
562
|
-
|
|
467
|
+
/**
|
|
468
|
+
* add extraQueryParams
|
|
469
|
+
* @param eQParams
|
|
470
|
+
*/
|
|
471
|
+
export function addExtraQueryParameters(
|
|
472
|
+
parameters: Map<string, string>,
|
|
473
|
+
eQParams: StringDict
|
|
474
|
+
): void {
|
|
475
|
+
Object.entries(eQParams).forEach(([key, value]) => {
|
|
476
|
+
if (!parameters.has(key) && value) {
|
|
477
|
+
parameters.set(key, value);
|
|
478
|
+
}
|
|
479
|
+
});
|
|
480
|
+
}
|
|
563
481
|
|
|
564
|
-
|
|
565
|
-
|
|
566
|
-
|
|
567
|
-
|
|
568
|
-
|
|
569
|
-
|
|
570
|
-
|
|
571
|
-
|
|
572
|
-
|
|
573
|
-
|
|
574
|
-
|
|
575
|
-
|
|
576
|
-
|
|
482
|
+
export function addClientCapabilitiesToClaims(
|
|
483
|
+
claims?: string,
|
|
484
|
+
clientCapabilities?: Array<string>
|
|
485
|
+
): string {
|
|
486
|
+
let mergedClaims: object;
|
|
487
|
+
|
|
488
|
+
// Parse provided claims into JSON object or initialize empty object
|
|
489
|
+
if (!claims) {
|
|
490
|
+
mergedClaims = {};
|
|
491
|
+
} else {
|
|
492
|
+
try {
|
|
493
|
+
mergedClaims = JSON.parse(claims);
|
|
494
|
+
} catch (e) {
|
|
495
|
+
throw createClientConfigurationError(
|
|
496
|
+
ClientConfigurationErrorCodes.invalidClaims
|
|
577
497
|
);
|
|
578
498
|
}
|
|
579
499
|
}
|
|
580
500
|
|
|
581
|
-
|
|
582
|
-
|
|
583
|
-
|
|
584
|
-
|
|
585
|
-
if (sshJwkString) {
|
|
586
|
-
this.parameters.set(
|
|
587
|
-
AADServerParamKeys.TOKEN_TYPE,
|
|
588
|
-
AuthenticationScheme.SSH
|
|
589
|
-
);
|
|
590
|
-
this.parameters.set(
|
|
591
|
-
AADServerParamKeys.REQ_CNF,
|
|
592
|
-
encodeURIComponent(sshJwkString)
|
|
593
|
-
);
|
|
501
|
+
if (clientCapabilities && clientCapabilities.length > 0) {
|
|
502
|
+
if (!mergedClaims.hasOwnProperty(ClaimsRequestKeys.ACCESS_TOKEN)) {
|
|
503
|
+
// Add access_token key to claims object
|
|
504
|
+
mergedClaims[ClaimsRequestKeys.ACCESS_TOKEN] = {};
|
|
594
505
|
}
|
|
595
|
-
}
|
|
596
506
|
|
|
597
|
-
|
|
598
|
-
|
|
599
|
-
|
|
600
|
-
|
|
601
|
-
|
|
602
|
-
this.parameters.set(
|
|
603
|
-
AADServerParamKeys.X_CLIENT_CURR_TELEM,
|
|
604
|
-
serverTelemetryManager.generateCurrentRequestHeaderValue()
|
|
605
|
-
);
|
|
606
|
-
this.parameters.set(
|
|
607
|
-
AADServerParamKeys.X_CLIENT_LAST_TELEM,
|
|
608
|
-
serverTelemetryManager.generateLastRequestHeaderValue()
|
|
609
|
-
);
|
|
507
|
+
// Add xms_cc claim with provided clientCapabilities to access_token key
|
|
508
|
+
mergedClaims[ClaimsRequestKeys.ACCESS_TOKEN][ClaimsRequestKeys.XMS_CC] =
|
|
509
|
+
{
|
|
510
|
+
values: clientCapabilities,
|
|
511
|
+
};
|
|
610
512
|
}
|
|
611
513
|
|
|
612
|
-
|
|
613
|
-
|
|
614
|
-
*/
|
|
615
|
-
addThrottling(): void {
|
|
616
|
-
this.parameters.set(
|
|
617
|
-
AADServerParamKeys.X_MS_LIB_CAPABILITY,
|
|
618
|
-
ThrottlingConstants.X_MS_LIB_CAPABILITY_VALUE
|
|
619
|
-
);
|
|
620
|
-
}
|
|
514
|
+
return JSON.stringify(mergedClaims);
|
|
515
|
+
}
|
|
621
516
|
|
|
622
|
-
|
|
623
|
-
|
|
624
|
-
|
|
625
|
-
|
|
626
|
-
|
|
627
|
-
|
|
628
|
-
|
|
629
|
-
|
|
517
|
+
/**
|
|
518
|
+
* adds `username` for Password Grant flow
|
|
519
|
+
* @param username
|
|
520
|
+
*/
|
|
521
|
+
export function addUsername(
|
|
522
|
+
parameters: Map<string, string>,
|
|
523
|
+
username: string
|
|
524
|
+
): void {
|
|
525
|
+
parameters.set(PasswordGrantConstants.username, username);
|
|
526
|
+
}
|
|
527
|
+
|
|
528
|
+
/**
|
|
529
|
+
* adds `password` for Password Grant flow
|
|
530
|
+
* @param password
|
|
531
|
+
*/
|
|
532
|
+
export function addPassword(
|
|
533
|
+
parameters: Map<string, string>,
|
|
534
|
+
password: string
|
|
535
|
+
): void {
|
|
536
|
+
parameters.set(PasswordGrantConstants.password, password);
|
|
537
|
+
}
|
|
538
|
+
|
|
539
|
+
/**
|
|
540
|
+
* add pop_jwk to query params
|
|
541
|
+
* @param cnfString
|
|
542
|
+
*/
|
|
543
|
+
export function addPopToken(
|
|
544
|
+
parameters: Map<string, string>,
|
|
545
|
+
cnfString: string
|
|
546
|
+
): void {
|
|
547
|
+
if (cnfString) {
|
|
548
|
+
parameters.set(AADServerParamKeys.TOKEN_TYPE, AuthenticationScheme.POP);
|
|
549
|
+
parameters.set(AADServerParamKeys.REQ_CNF, cnfString);
|
|
630
550
|
}
|
|
551
|
+
}
|
|
631
552
|
|
|
632
|
-
|
|
633
|
-
|
|
634
|
-
|
|
635
|
-
|
|
636
|
-
|
|
637
|
-
|
|
638
|
-
|
|
639
|
-
|
|
640
|
-
|
|
641
|
-
|
|
642
|
-
this.addExtraQueryParameters(brokerParams);
|
|
553
|
+
/**
|
|
554
|
+
* add SSH JWK and key ID to query params
|
|
555
|
+
*/
|
|
556
|
+
export function addSshJwk(
|
|
557
|
+
parameters: Map<string, string>,
|
|
558
|
+
sshJwkString: string
|
|
559
|
+
): void {
|
|
560
|
+
if (sshJwkString) {
|
|
561
|
+
parameters.set(AADServerParamKeys.TOKEN_TYPE, AuthenticationScheme.SSH);
|
|
562
|
+
parameters.set(AADServerParamKeys.REQ_CNF, sshJwkString);
|
|
643
563
|
}
|
|
564
|
+
}
|
|
565
|
+
|
|
566
|
+
/**
|
|
567
|
+
* add server telemetry fields
|
|
568
|
+
* @param serverTelemetryManager
|
|
569
|
+
*/
|
|
570
|
+
export function addServerTelemetry(
|
|
571
|
+
parameters: Map<string, string>,
|
|
572
|
+
serverTelemetryManager: ServerTelemetryManager
|
|
573
|
+
): void {
|
|
574
|
+
parameters.set(
|
|
575
|
+
AADServerParamKeys.X_CLIENT_CURR_TELEM,
|
|
576
|
+
serverTelemetryManager.generateCurrentRequestHeaderValue()
|
|
577
|
+
);
|
|
578
|
+
parameters.set(
|
|
579
|
+
AADServerParamKeys.X_CLIENT_LAST_TELEM,
|
|
580
|
+
serverTelemetryManager.generateLastRequestHeaderValue()
|
|
581
|
+
);
|
|
582
|
+
}
|
|
644
583
|
|
|
645
|
-
|
|
646
|
-
|
|
647
|
-
|
|
648
|
-
|
|
649
|
-
|
|
584
|
+
/**
|
|
585
|
+
* Adds parameter that indicates to the server that throttling is supported
|
|
586
|
+
*/
|
|
587
|
+
export function addThrottling(parameters: Map<string, string>): void {
|
|
588
|
+
parameters.set(
|
|
589
|
+
AADServerParamKeys.X_MS_LIB_CAPABILITY,
|
|
590
|
+
ThrottlingConstants.X_MS_LIB_CAPABILITY_VALUE
|
|
591
|
+
);
|
|
592
|
+
}
|
|
650
593
|
|
|
651
|
-
|
|
652
|
-
|
|
653
|
-
|
|
594
|
+
/**
|
|
595
|
+
* Adds logout_hint parameter for "silent" logout which prevent server account picker
|
|
596
|
+
*/
|
|
597
|
+
export function addLogoutHint(
|
|
598
|
+
parameters: Map<string, string>,
|
|
599
|
+
logoutHint: string
|
|
600
|
+
): void {
|
|
601
|
+
parameters.set(AADServerParamKeys.LOGOUT_HINT, logoutHint);
|
|
602
|
+
}
|
|
654
603
|
|
|
655
|
-
|
|
656
|
-
|
|
657
|
-
|
|
658
|
-
|
|
604
|
+
export function addBrokerParameters(
|
|
605
|
+
parameters: Map<string, string>,
|
|
606
|
+
brokerClientId: string,
|
|
607
|
+
brokerRedirectUri: string
|
|
608
|
+
): void {
|
|
609
|
+
if (!parameters.has(AADServerParamKeys.BROKER_CLIENT_ID)) {
|
|
610
|
+
parameters.set(AADServerParamKeys.BROKER_CLIENT_ID, brokerClientId);
|
|
611
|
+
}
|
|
612
|
+
if (!parameters.has(AADServerParamKeys.BROKER_REDIRECT_URI)) {
|
|
613
|
+
parameters.set(
|
|
614
|
+
AADServerParamKeys.BROKER_REDIRECT_URI,
|
|
615
|
+
brokerRedirectUri
|
|
659
616
|
);
|
|
660
|
-
|
|
661
|
-
return queryParameterArray.join("&");
|
|
662
617
|
}
|
|
663
618
|
}
|
|
619
|
+
|
|
620
|
+
/**
|
|
621
|
+
* Add EAR (Encrypted Authorize Response) request parameters
|
|
622
|
+
* @param parameters
|
|
623
|
+
* @param jwk
|
|
624
|
+
*/
|
|
625
|
+
export function addEARParameters(
|
|
626
|
+
parameters: Map<string, string>,
|
|
627
|
+
jwk: string
|
|
628
|
+
): void {
|
|
629
|
+
parameters.set(AADServerParamKeys.EAR_JWK, encodeURIComponent(jwk));
|
|
630
|
+
|
|
631
|
+
// ear_jwe_crypto will always have value: {"alg":"dir","enc":"A256GCM"} so we can hardcode this
|
|
632
|
+
const jweCryptoB64Encoded = "eyJhbGciOiJkaXIiLCJlbmMiOiJBMjU2R0NNIn0";
|
|
633
|
+
parameters.set(AADServerParamKeys.EAR_JWE_CRYPTO, jweCryptoB64Encoded);
|
|
634
|
+
}
|